Tuesday, November 3, 2009

Why Crack When You Can Pass the Hash?

SANS Institute InfoSec Reading Room

A weakness exists in the design of Windows unsalted password hashing mechanism.
The static nature of this password hash provides the means for someone to masquerade as another user if the victim's hash can be obtained. While the concept of passing a Windows password hash has been around for some time, the release of publicly available tools has taken the first major step towards harnessing the true power of this attack.Although such tools have not yet targeted Microsoft s implementation of Kerberos,all organi...

Download PDF

No comments: